+ 3

can anyone explain his point?

How does Java string being immutable increase security? A very common practice in writing class libraries is storing the parameters passed into your API, say, in a constructor, like this: public class MyApi { final String myUrl; public MyApi(String urlString) { // Verify that urlString points to an approved server if (!checkApprovedUrl(urlString)) throw new IllegalArgumentException(); myUrl = urlString; } } Were String mutable, this would lead to a subtle exploit: an attacker would pass a good URL, wait for a few microseconds, and then set the URL to point to an attack site. Since storing without copying is a reasonably common practice, and because strings are among the most commonly used data types, leaving strings mutable would open up many APIs that are not written yet open to a serious security problem. Making strings immutable closes this particular security hole for all APIs, including the ones that are not written yet.

11th Jun 2017, 5:23 AM
Somnath Ghosh
Somnath Ghosh - avatar
1 Respuesta
0
Imagine as if it was a library performing security checks called in a multithreaded environment where you could time your change (the inner state) of urlString after the check has been performed. With Strings that's not possible because of immutability.
19th Jun 2017, 8:13 PM
Kürti Szabolcs
Kürti Szabolcs - avatar